Metadata Attacker – Tool To Generate Media Files With Malicious Metadata

Metadata Attacker Tool To Generate Media Files With Malicious Metadata

Metadata Attacker is Exploitation Tool that can inject generate image (.jpg), audio (.mp3) or video (.mp4) file containing your custom Metadata or a set of cross-site scripting vectors to exploit any web service against XSS vulnabilities when displaying your files with unfiltered Metadata. This tool will create image, audio or video with malicious script. This method will able to exploit a vulnerable website with just uploading image, audio or video files.

Metadata-Attacker

With this small suite of open source pentesting tools you’re able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data.

Installation / Usage

First install docker on your host system.

Now you can simply run the following command :

§ sudo docker run -p 80:80 –rm lednerb/metadata-attacker

When finished open your favorite browser and switch to the docker ip or http://localhost

Credits

  • Image-Attacker developed by @mniemietz
  • Audio-Attacker developed by @derctwr
  • Video-Attacker, project merging and docker containers by @Lednerb

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

seventeen − six =